MS-102 - Microsoft 365 Administrator Expert Implementing Data Loss Prevention Questions and Answers

Question 1

An administrator needs to create a single Data Loss Prevention (DLP) policy to prevent the accidental sharing of documents containing credit card numbers.
The policy must apply to users' corporate email, their OneDrive for Business accounts, and also block the upload of these files to non-allowed cloud services from their managed Windows 11 devices.
Which locations must be selected in the DLP policy configuration?

Accepted Answer

Exchange Online, OneDrive for Business, and Devices

Answer

Exchange Online, SharePoint Online, and OneDrive for Business

Answer

Microsoft Teams chat and channel messages, and Devices

Answer

Exchange Online and Microsoft Defender for Cloud Apps

Question 2

You are configuring a new Data Loss Prevention (DLP) policy in 'Test it out first' mode. Your goal is to educate users about the company's data handling policies without immediately blocking their actions. Which of the following configurations is MOST appropriate for this initial educational phase?

Accepted Answer

Enable the policy and only configure policy tips to show to users.

Answer

Set the policy action to 'Block everyone' and customize the email notification.

Answer

Set the policy action to 'Restrict access' and disable all user notifications.

Answer

Configure the policy to only generate an incident report for administrators.

Question 3

An administrator is creating a custom Sensitive Information Type (SIT) to detect a unique internal project code with the format 'PROJ-' followed by exactly six digits (e.g., PROJ-123456). Which of the following should be used as the primary element to define this specific pattern?

Accepted Answer

A regular expression

Answer

A keyword dictionary

Answer

A document fingerprint

Answer

A trainable classifier

Question 4

An organization wants to implement Endpoint Data Loss Prevention (DLP) to monitor and control activities on their corporate Windows 11 devices. Which of the following is a mandatory prerequisite for these devices to be covered by Endpoint DLP policies?

Accepted Answer

The devices must be onboarded into Microsoft Defender for Endpoint.

Answer

The devices must be managed by a third-party MDM solution.

Answer

The Microsoft Purview Information Protection client must be installed on the devices.

Answer

The devices must have BitLocker drive encryption enabled.

Question 5

An administrator has configured two active Data Loss Prevention (DLP) policies:

- Policy 1 (Priority 0): Blocks external sharing of any content containing a single U.S. credit card number.
- Policy 2 (Priority 1): Shows a policy tip if content containing any financial data (including credit card numbers) is detected.

A user attempts to email a document containing one U.S. credit card number to an external recipient. What is the expected outcome?

Accepted Answer

The email is blocked, and the user also sees a policy tip.

Answer

The email is sent, and the user sees a policy tip.

Answer

The email is blocked, and no policy tip is shown.

Answer

Both policies are ignored, and the email is sent successfully.

Question 6

A security administrator is configuring a Data Loss Prevention (DLP) policy and wants to ensure that an email alert is sent to the security operations team every time a user overrides a policy by providing a business justification. Which setting within the DLP policy configuration should be used to achieve this?

Accepted Answer

Customize the 'Incident reports' settings and enable notifications.

Answer

Configure an audit log search for 'DLP policy override' events.

Answer

Modify the 'User notifications' section to CC the security team.

Answer

Create a separate mail flow rule in the Exchange admin center.